Nmap Development mailing list archives
Re: NSE script contribution - dkron-discovery
From: Ícaro Torres <icaro.redes.ifpb () gmail com>
Date: Wed, 4 Nov 2020 20:15:13 -0300
Hello David,

Sorry for the delay, I only was able to see the code right now, thanks a lot for the revision and tips.

Follows attached the new version of the script.

Best regards.

On Wed, Nov 4, 2020 at 13:28, David Fifield <david () bamsoftware com> wrote:

> On Wed, Nov 04, 2020 at 09:12:56AM -0300, Ícaro Torres wrote:
> > I would like to contribute with the NSE script dkron-discovery. It will look
> > for the URI "/dashboard" in the port 8080 of the host running dKron service,
> > and if this is available it will grab the installed version.
> >
> > description = [[
> > Dkron is a system service for workload automation that runs scheduled jobs,
> > just like the cron unix service but distributed in several machines in a
> > cluster. Default TCP port is 8080.
> > ]]
> >
> > This could help pentesters or blue/purple teams to work with this kind of
> > exposure.
>
> Hi, thanks for this contribution. Here is some quick review.
>
>     -- @args dkron-discovery.path The URL path to request. The default path is "/".
>     local http_response = http.get(host, port, "/dashboard")
>
> The doc comment doesn't match the code, and dkron-discovery.path is not
> used.
>
>     if string.match(http_response.rawbody, "Dkron %d.%d.%d") then
>       dkron_version = string.match(http_response.rawbody, "%d.%d.%d")
>
> You probably want to reuse the string.match result here, rather than
> doing it twice.
>
>     port.version.name = "dkron"
>
> I believe the convention is to use "http" for HTTP-based services.
>
>     dkron_response = "\n\tInstalled version: " .. dkron_version .. "\n\tDirectory /dashboard is accessible!"
>
> Tabs are not normally used for indentation in NSE output. You should
> probably use structured output for this display:
> https://nmap.org/book/nse-api.html#nse-structured-output
>
> But finally, this script is probably better done as a fingerprint for
> the http-enum script.
> https://nmap.org/nsedoc/scripts/http-enum.html
> See the file nselib/data/http-fingerprints.lua for examples of
> requesting a custom path and extracting a version number from the
> output. For example,
>
>     -- http://carnal0wnage.attackresearch.com/2015/02/cisco-asa-version-grabber-cve-2014-3398.html
>     table.insert(fingerprints, {
>         category = 'security',
>         probes = {
>           {
>             path = '/CSCOSSLC/config-auth',
>             method = 'GET'
>           },
>         },
>         matches = {
>           {
>             match = '<version who="sg">([^<]+)</version>',
>             output = 'Cisco ASA, firmware \\1'
>           },
>         }
>       });
--
Ícaro Torres
Computer Networks Technologist - IFPB
Postgraduate in Information Security - Faculdade IDEZ
Twitter: @IcaroTorres
Attachment: dkron-discovery.nse
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
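The fingerprint route suggested in the review quoted above could look like the following for Dkron. This is an added example, not code from the thread, the attachment or Nmap: the local `fingerprints` table and the `apply` helper are stand-ins so the snippet runs in a plain Lua interpreter, the sample bodies are constructed, and the stricter version pattern goes beyond what the review mentions.

```lua
-- Stand-in for the table that nselib/data/http-fingerprints.lua appends to
-- (assumption: declared here only so this file runs on its own).
local fingerprints = {}

-- Dkron entry modelled on the Cisco ASA fingerprint quoted in the review.
table.insert(fingerprints, {
    category = 'security',
    probes = {
      { path = '/dashboard', method = 'GET' },
    },
    matches = {
      -- %d+ accepts multi-digit components; %. matches only a literal dot.
      { match = 'Dkron (%d+%.%d+%.%d+)', output = 'Dkron \\1' },
    }
  });

-- Hypothetical helper, not http-enum's code: try each match pattern against
-- a response body and fill \1 in the output string with the capture.
local function apply(fp, body)
  for _, m in ipairs(fp.matches) do
    local capture = string.match(body, m.match)
    if capture then
      -- A function replacement keeps '%' in the capture from being
      -- interpreted by gsub.
      return (m.output:gsub('\\1', function() return capture end))
    end
  end
  return nil
end

-- Constructed response bodies, not captured from a real Dkron instance.
local samples = {
  '<title>Dkron 3.0.6</title>',    -- single-digit components
  '<title>Dkron 2.10.12</title>',  -- multi-digit components
  '<title>Dkron 3x0y6</title>',    -- separators are not dots
  '<title>Not Found</title>',      -- unrelated page
}

-- Compare the pattern from the submitted script with the fingerprint pattern.
for _, body in ipairs(samples) do
  local submitted = string.match(body, 'Dkron %d.%d.%d')
  print(body,
        'submitted pattern: ' .. tostring(submitted),
        'fingerprint: ' .. tostring(apply(fingerprints[1], body)))
end
```

In a real fingerprint file only the `table.insert` call would be added; the rest exists to exercise the pattern offline.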